Issue #6111: AVC on dirsrv config caused by IPA installer - freeipa

freeipa

#6111 AVC on dirsrv config caused by IPA installer

Closed: Fixed None Opened 5 years ago by mbasti.

IPA installer does not call 'restorecon' on '/etc/sysconfig/dirsrv' what is causing AVC and installation failed.

Jul 21 16:12:35 master.ipa.test audit[1]: AVC avc:  denied  { open } for  pid=1 comm="systemd" path="/etc/sysconfig/dirsrv" dev="vda1" ino=665018 scontext=system_u:system_r:init_t:s0 tcontext=unconfined_u:object
Jul 21 16:12:35 master.ipa.test systemd[1]: dirsrv@IPA-TEST.service: Failed to load environment files: Permission denied
Jul 21 16:12:35 master.ipa.test systemd[1]: dirsrv@IPA-TEST.service: Failed to run 'start' task: Permission denied
Jul 21 16:12:35 master.ipa.test systemd[1]: Failed to start 389 Directory Server IPA-TEST..

Packages:
selinux-policy-3.13.1-191.5.fc24.noarch
systemd-229-8.fc24.x86_64

Reproducible on F24

mbabinsk commented 5 years ago

Ticket has been cloned to Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1359237

mbabinsk commented 5 years ago

master:

f8bf8a6 Use copy when replacing files to keep SELinux context

ipa-4-3:

64bbbb5 Use copy when replacing files to keep SELinux context

Metadata Update from @mbasti:
- Issue assigned to mbasti
- Issue set to the milestone: FreeIPA 4.3.2

5 years ago

Metadata

Assignee

mbasti

Tags

None

Blocking

None

Depending on

None

Priority

normal

Milestone

FreeIPA 4.3.2

None

affects_doc

None

source

None

knownissue

None

type

defect

blockedby

None

test_case

None

component

Installation

blocking

None

on_review

keywords

None

test_coverage

None

reviewer

None

external_tracker

None

rhbz

https://bugzilla.redhat.com/show_bug.cgi?id=1359237

tester

None

changelog

None

design

None

freeipa

Source Code

#6111 AVC on dirsrv config caused by IPA installer Closed: Fixed None Opened 5 years ago by mbasti.

Metadata

#6111 AVC on dirsrv config caused by IPA installer

Closed: Fixed None Opened 5 years ago by mbasti.